Cyber security experts are fast changing tact in providing digital safety and security as cybercriminals turn to generative Artificial Intelligence (AI) to enhance attack.
The change of tact follows increased complexities in combating the threats from the new trends of attacks.
Trend Micro, a global cybersecurity leader has reported detecting over 1.8 million malware targeted at Kenyan businesses and consumers in 2023 alone.
According to Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro, the speed and scalability of AI is increasing the sophistication of social engineering, while also making it quicker and easier for cybercriminals to trawl through large datasets for information to exploit.
Over the coming year, local businesses should expect to see cybercriminals leverage AI in new and sophisticated ways. However, defenders can use the technology to their own advantage, combining AI with zero-trust security frameworks and a strong security culture to combat evolving criminal tactics
Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro
“To guard against these attacks, defenders need to understand the nature of the threats they are facing and evolve their security practices accordingly,” said Zaheer.
Previously, Zaheer says, cybercriminals were using two phishing strategies; mass-blasting a huge number of targets with hopes of catching vulnerable users, and manual targeting of specific users after extensive research on them.
He notes that generative AI has combined the two models, in which attackers send targeted and error-free messages on a mass scale in multiple languages, in both audios and videos, in addition to emails and text messages.
With readily available Apps, even cybercriminals with no coding knowledge or special computing resources can produce customised high-resolution outputs that are humanly undetectable.
Trend Micro is predicting more sophisticated approaches by cybercriminals, a situation which requires evolved security practices and tools.
“More recently, hijacking and jailbreaking apps have become trending topics in cybercrime forums, indicating high criminal interest. These tactics are likely to gain ground in 2024,” noted Zaheer.
Experts have viable solutions
But in a swift action, Trend Micro has earmarked defence strategies to match gen AI threats, involving a combination of zero-trust approaches and the use of AI to make security stronger.
“As the name implies, with zero trust, trust is never presumed. Identities must always be verified, and only necessary people and machines can access sensitive information or processes for defined purposes at specific times. This limits the attack surface and slows attackers down,” he noted.
In situations where cybercriminals target phony purchase order email with deepfake voice confirmation, zero-trust verification would prohibit users from calling the number in the message.
As the name implies, with zero trust, trust is never presumed. Identities must always be verified, and only necessary people and machines can access sensitive information or processes for defined purposes at specific times. This limits the attack surface and slows attackers down
Zaheer Ebrahim
Instead, they would have an established ‘safe list’ of numbers to call, and/or need multi-stakeholder approval to verify the transaction. Coded language could even be used for additional authentication.
“Even though phishing attacks are now too well disguised for users to detect them on their own, cybersecurity awareness training remains essential; it just needs to be backed up with defensive technologies,” Zaheer added.
Through this, AI and machine learning can be used to detect sentiment and tone in messages or evaluate web pages to prevent fraud attempts that might slip by users.
“Over the coming year, local businesses should expect to see cybercriminals leverage AI in new and sophisticated ways. However, defenders can use the technology to their own advantage, combining AI with zero-trust security frameworks and a strong security culture to combat evolving criminal tactics,” he says.